haikuwebkit/LayoutTests/js/regress-150513.html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
</head>
<body>
<script src="script-tests/regress-150513.js"></script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584 https://bugs.webkit.org/show_bug.cgi?id=150513 Reviewed by Saam Barati. Source/JavaScriptCore: Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant. If not, we turn the call into a virtual call. The bug was caused by a stack overflow when preparing the function for execution. This properly threw an exception, however linkPolymorphicCall() didn't check for this error case. Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing. API/JSCTestRunnerUtils.cpp: (JSC::failNextNewCodeBlock): (JSC::numberOfDFGCompiles): * API/JSCTestRunnerUtils.h: * jit/Repatch.cpp: (JSC::linkPolymorphicCall): * jsc.cpp: (GlobalObject::finishCreation): (functionTransferArrayBuffer): (functionFailNextNewCodeBlock): (functionQuit): * runtime/Executable.cpp: (JSC::ScriptExecutable::prepareForExecutionImpl): * runtime/TestRunnerUtils.cpp: (JSC::optimizeNextInvocation): (JSC::failNextNewCodeBlock): (JSC::numberOfDFGCompiles): * runtime/TestRunnerUtils.h: * runtime/VM.h: (JSC::VM::setFailNextNewCodeBlock): (JSC::VM::getAndClearFailNextNewCodeBlock): (JSC::VM::stackPointerAtVMEntry): Tools: Added a new test function, failNextNewCodeBlock() to simplify the writing of a regression test. * DumpRenderTree/TestRunner.cpp: (simulateWebNotificationClickCallback): (failNextCodeBlock): (numberOfDFGCompiles): (TestRunner::staticFunctions): * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl: * WebKitTestRunner/InjectedBundle/TestRunner.cpp: (WTR::TestRunner::setBlockAllPlugins): (WTR::TestRunner::failNextCodeBlock): (WTR::TestRunner::numberOfDFGCompiles): * WebKitTestRunner/InjectedBundle/TestRunner.h: LayoutTests: New regression test. * js/regress-150513-expected.txt: Added. * js/regress-150513.html: Added. * js/script-tests/regress-150513.js: Added. (test): * resources/standalone-pre.js: Added failNextNewCodeBlock to testRunner object. Canonical link: https://commits.webkit.org/168677@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191530 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2015-10-24 01:45:30 +00:00			`<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">`
			`<html>`
			`<head>`
			`<script src="../resources/js-test-pre.js"></script>`
			`</head>`
			`<body>`
			`<script src="script-tests/regress-150513.js"></script>`
			`<script src="../resources/js-test-post.js"></script>`
			`</body>`
			`</html>`